By now, it's common knowledge that passwords are flawed. In April, the Heartbleed bug forced users to reset passwords across hundreds of thousands of websites. The celebrity photos stolen in September were, according to Apple, accessed through a "targeted attack on user names, passwords and security questions." And just this week, a thread on Reddit revealed hundreds of passwords for Dropbox accounts had been compromised.
Some of these hacks were more consequential than others—Dropbox released a statement Tuesday saying most of the passwords posted were expired anyway—but if anything can benefit from this year's seemingly never-ending security breaches, it's the field of biometrics.
Digital biometrics—using people's fingerprints, voices, and faces to unlock devices instead of using memorized passcodes—aren't anything new. They've been around since the first iris recognition algorithm was patented in 1994, and they gained significant traction post 9/11. What is new is the timing: The rapid demise of the conventional password in this year alone means digital biometrics can be "cool" again.
After all, when the use of biometrics first became widespread, the field had "a faint whiff of the future about it," Tim De Chant wrote in a report for PBS last year. But instead, as devices entered smartphones and tablets and even immigration checkpoints, the technology grew "sufficiently advanced to be almost unremarkable."
That perception can change, thanks to a renewed, more optimistic consumer base.
Just look at the results of Google's Mobile Voice Study, published Tuesday. In it, the 1000 adults and 400 teens surveyed about their use of hands-free voice functions like Google Now, Apple's Siri, and Microsoft's Cortana, were asked why they spoke to their smartphones when they did. In response, the overwhelming majority checked off answers for "It's cool," "It's the Future," and—most important—"It's safer."
Why People Use Voice Search
"Safer" could mean a slew of things—"It's hard to say exactly how respondents interpret the questions in surveys like these," a spokesperson for Google tells me—but for instance, users could find it easier to talk to their phones instead of inputting tactile commands while driving. The more people struggle to type on their phones, the more likely they'll hit the wrong buttons. That idea can be applied to hands-free identification: Instead of entering passcodes others can glimpse on screen, people could use their unique voices to unlock phones.
No, the voice study didn't take into account voice-activated passwords—that's a "separate area," the spokesperson says—but the responses show a clear interest in both age groups toward using biometrics for its "cool" factor, even if that interest isn't specifically for security purposes. In fact, 56 percent of the adults surveyed said using the tool made them "feel tech savvy," and most respondents—85 percent of adults, 89 percent of teens—agreed that voice search would become "very common" in the future.
It's clear biometrics doesn't have to get any flashier than it is—the current mood is already in favor of it.
That doesn't mean major tech companies don't have to fix technical problems. Siri, for example, had failed to recognize certain accents when it launched, and even in the iOS 7, had encountered a password security flaw where users could pull the software up to access information stored in the phone without entering a passcode. And Apple's foray into biometrics, the Touch ID sensor that first came with the iPhone 5S, still doesn't quite work the way it should.
But it is the right time for the next wave of biometrics to come into play, a wave that's already begun, with devices available that use iris identification, for example, and with the onslaught of smartwatches from Apple and Google. Making biometrics cool again would attract users, which would in turn attract research into improved biometrics—possibly making it the first step to ultimately killing the vulnerable password. And that would be ice cold.
We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.
